Yes, it is configured that way. I have done this before and it worked fine on AS 6.0.0 but its been giving me trouble since yesterday on AS 5.1.0! I know the .properties files are fine because if I log in using the admin-console (which also uses the jmx-console security domain), the username and password combination it accepts is the one I have in my properties file. It is supposed to be straight forward!

Ok, in that case have you ever entered a valid username and password into a pop up window in your web browser? For BASIC authentication it is quite common for the browser to cache the credentials and automatically present them to the server without further prompts.

If you have one available maybe try a connection from a machine / browser that has not been used to connect to the JMX console previously.

Even I am facing same issue, made changes in the web.xml, jboss-web.xml,login-config and the user.properties file. Still the popup to login for jmx-console does not appear. The jmx-console simply comes without the popup.

Daniel Manyemwe wrote:

That was my thinking as well, so I downloaded Chrome and tried with it, same thing, direct access!

Just tried from a non-dev machine, same thing, so it definitely isnt caching. I even rebooted the server, didnt work.

Were you able to find a solution for it?I have made the following changes.

<!-- A security constraint that restricts access to the HTML JMX console to users with the role JBossAdmin. Edit the roles to what you want and uncomment the WEB-INF/jboss-web.xml/security-domain element to enable secured access to the HTML JMX console.--> <security-constraint> <web-resource-collection> <web-resource-name>HtmlAdaptor</web-resource-name> <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application </description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>JBossAdmin</role-name> </auth-constraint> </security-constraint>

Unfortunately I have not solved this problem, but the more secure alternative is to just undeploy the jmx-console. You can move the whole jmx-console.war directory out of /deploy, and should you need it again you can move it in.. not the best solution but given my time constraints thats the best I could come up with!

There is a community courtesy notification for a severe security issue affecting some of the JBoss projects and products. Default security settings in web.xml protect only GET and POST protocols leaving another ones open. Please refer to the following Red Hat KBase article for more information: